Skip to main content
Versa Networks

Configure a WAN Transport Network to Deployed Controller

  1. Last updated
  2. Save as PDF

Versa-logo-release-icon.png For supported software information, click here.

This article describes how to configure and monitor a global WAN transport domain and associate it to a deployed Versa SD-WAN controller, and the configuration required for zero touch provisioning (ZTP) using a WAN transport virtual router.

After you deploy a controller using the workflow, the system administrator cannot use the workflow wizard to modify or add a configuration. Any configuration changes or addition of new services must be performed through the controller device.

Configure the Global Transport Domain

  1. In Director view, select the Configuration tab in the top menu bar.
  2. Select Objects > Transport Domains in the horizontal menu bar.

    transport-domains.png
  3. Click the add.png Add icon. In the Add Transport Domain window, enter information for the following fields.

    add-transport-domain.png
     
    Field Description
    Name (Required) Enter a name for the transport domain.
    Description Enter a text description for the transport domain.
    Transport Domain ID (Required) Enter a numeric identifier for the transport domain.
  4. Click OK.

Associate the Transport Domain with a WAN Network

  1. In Director view, select the Configuration tab in the top menu bar.
  2. Select Objects > WAN Networks in the horizontal menu bar.

    wan-networks.png
  3. Click the add.png Add icon. In the Add WAN Networks screen, enter information for the following fields.

    add-wan-networks.png
     
    Field Description
    Name (Required) Enter a name for the WAN network.
    Description Enter a description for the WAN network.
    Transport Domain (Required) Select a transport domain.
    + Transport Domain Click to create a transport domain. For more information, see Configure the Global Transport Domain, above.
  4. Click OK.

Configure an Ethernet Interface on the Controller

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a Controller device in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > Interfaces in the left menu bar. The Interfaces dashboard displays.

    controller-interface-add.png
  4. Click the add_icon.png Add icon. The Add Ethernet Interface screen displays, with the General tab selected by default. 
  5. In the Interface fields, enter the slot and port number for the VNI interface.

    interface-general.png
  6. Select the Sub Interfaces tab, and then click the add_icon.png Add icon to add a new subinterface.

    add-subinterfaces.png
  7. In the General tab, enter information for the following fields.

    subinterface.png
     
    Field Description
    Unit (Required) Enter 0 as the unit number for the subinterface.
    VLAN ID

    For a tagged port, enter a virtual LAN ID for the subinterface.

    Range: 1 through 4094
  8. Select the IPv4 tab, and then enter information for the following fields.

    ipv4-tab.png
     
    Field Description
    Static Address Click to use a static IPv4 address for the subinterface.
    IP Address/Mask Click the + Add icon and enter the IP address and prefix length.
  9. Click OK.

Configure a Network on the Controller

  1. In the Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device name in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > Networks in the left menu bar. The screen displays the networks that are configured.

    networking-networks.png
  4. Click the add_icon.png Add icon to add a network. In the Add Network window, enter information for the following fields.

    add-network1.png
     
    Field Description
    Name (Required) Enter a name for the network.
    Interfaces Click the add_icon.png Add icon to add interfaces to the network, and select the interface that is configured on the device.
  5. Click OK.

Associate a Network in the Organization Limits

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a Controller device in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Others > Organization > Limits in the left menu bar. The screen displays the organizations associated with the Controller node.

    limits-tab.png
  4. Click the organization name in the main pane. The Edit Organization Limit screen displays.
  5. Select the Traffic Identification tab. In the Networks section, click the add-icon.png Add icon and select the name of the network that is part of the organization.

    traffic-identification.png
  6. Click OK.

Configure a Zone and Add a Network to the Zone

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a Controller device in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > Zones in the left menu bar. The screen displays the configured zones.

    zones-page.png
  4. Click the add_icon.png Add icon. In the Add Zone window, enter information for the following fields.

    add-zones.png
     
    Field Description
    Name (Required) Enter a name for the zone.
    Interface and Networks

    Click to add an interface or a network to the security zone.
    • Networks
    		 Click the add_icon.png Add icon and select a network from the list.
  5. Click OK.

Configure a Virtual Router and Add to a Routing Instance

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select an appliance in the main pane. The view changes to Appliance view.
  2. Click the Build button in the Configuration home screen.

    build-page.png
  3. In the Enable Build Mode window, click OK. Build mode allows you to lock the device and commit all the configuration changes in the current session to the associated appliance.

    enable-build-mode.png
    Select the Configuration tab in the top menu bar.
  5. Select Networking > Virtual Routers in the left menu bar.

    virtual-routers.png
  6. Click the add-icon-black-on-white.png Add icon. In the Configure Virtual Router screen, select the Virtual Router Details tab, and then enter information for the following fields.

    instance-name.png
     
    Field Description
    Instance Name (Required) Enter a unique name for the virtual router.
    Instance Type Select Virtual routing instance.
    Interfaces/Networks Select the network to assign to the routing instance.
  7. Select the Static Routing > IPv4/v6 Unicast tab, and then click the add_icon.png Add icon.

    static-routing.png
  8. In the Add IPv4/v6 Unicast screen, enter information for the following fields. In this example, a default route is created. You can create more specific routes covering  the MPLS range with a valid nexthop IP address. 

    add-ipv4-unicast.png
     
    Field Description
    Destination (Required) Enter the destination IP address or network.
    Nexthop IP Address Select and enter the IP address to use to reach the destination network.
  9. Click OK.
  10. Select Others > Organization > Limits, and then select the organization. 
  11. In the Edit Organization Limit screen, select the Resources tab.
  12. Select the newly added routing instance from the Available Routing Instances list, and also from the Owned Routing Instances list. 

    resources-tab.png
  13. Click OK.
  14. Click the Commit button to commit the changes to the device.

    commit-button.png

Configure SLA Monitoring Path Policy under SD-WAN Configuration

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a Controller device in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > SD-WAN > Path Policies. The screen displays a list of path policies that are configured.

    services-sd-wan-path-policies.png
  4. Click the add_icon.png Add icon. The Add Path Policy screen displays.
  5. In the Policy Name field, enter a name for the path policy.

    add-path-policy.png
  6. Click the add_icon.png Add icon to add a term for the path policy. The Add Terms screen displays. 
  7. In the Term Name field, enter a name for the path policy term.

    action-tab.png
  8. Select the Action tab.
  9. In the FC Specific Configuration section, click the add_icon.png Add icon to create an SLA Monitoring Profile. Note that global SLA monitoring values can be left as the defaults or adjusted for your monitoring requirements.
    1. In the Add Terms Add Forwarding Class Specific Config window, select the forwarding class that the SLA monitoring configuration applies to, and configure the default SLA Monitoring parameters, if required.

      forwarding-class.png
    2. Click OK.
  10. Click OK.

Configure the Transport Domain to the Controller

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > SD-WAN > System > Transport Domain in the left menu bar.

    transport-domains-page.png
  4. Click the add_icon.png Add icon. In the Add Transport Domain window, enter the transport domain name and domain ID. Note that the transport domain ID must match the transport domain ID created globally, in Configure a Transport Domain, above.

    add-trans-domain.png
  5. Click OK.

Associate an SD-WAN Interface with the Transport Domain

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > SD-WAN > System > Site Config in the left menu bar. 
  4. Click the edit_icon.png Edit icon.

    site-cofig-page.png
  5. In the Edit Site Config window, click the add_icon.png Add icon in the WAN Interfaces section to add the new WAN interface.

    edit-site-config-page.png
  6. In the Add WAN Interfaces screen, enter information for the following fields.

    add-wan-interfaces2.png
     
    Field Description
    Interfaces (Required) Select a WAN interface from the drop-down list.
    Transport Domain

    Click the add_icon.png Add icon and select a transport domain associated with the interface.
    Circuit Name Enter the name of the Circuit.
  7. Click OK.

Configure SLA Monitoring Policies for Tenants

You must configure an SLA monitoring policy for each tenant where a new WAN transport domain is used.

To configure an SLA monitoring policy:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Services > SD-WAN > System > Site in the left menu bar.

    site-page.png
  4. Click the edit-icon.png Edit icon.
  5. In the Edit Site window, click the add_icon.png Add icon in the WAN Interfaces section to add a new WAN interface.

    edit-site.png
  6. In the Add WAN Interfaces screen, enter information for the following fields.

    add-wan-interfaces.png
     
    Field Description
    Interfaces (Required) Select a WAN interface from the drop-down list.
    SLA Monitoring Policy  
    • SLA Monitoring
    		 Select the end-to-end data-driven SLA monitoring path policy to use for SLA monitoring.
  7. Click OK.

Configure a Staging IPsec VPN Profile for WAN Transports

To allow ZTP to use a new transport domain to onboard remote branches and hubs, you must create a staging IPsec VPN profile. You can add a new staging IPsec VPN profile, or you can clone an existing profile and modify the configuration as required.

Note that Versa Director automatically allocates an address pool.

To configure a staging IPsec VPN profile:

  1. In Director view:
    1. Select the Configuration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device name in the main pane. The view changes to Appliance view.
    4. Select an organization (tenant).
  2. Select Services > IPsec > VPN Profiles in the left menu bar.

    ipsec-clone.png
  3. Click the add_icon.png Add icon. The Add IPsec VPN screen displays. 
  4. Enter a name for the VPN profile in the VPN Profile Name field.

    add-ipsec-vpn.png
  5. On the General sub-tab below the VPN Profile Name field, enter information for the following fields.
     
    Field Description
    VPN Type (Required)

    Select the VPN type to Controller Staging SD-WAN.
    Tunnel Routing Instance Select the tunnel routing instance to OrgName-Control-VR. For example, Versa-Control-VR. 

  6. Select the Local and Peer tab, and then enter information for the following fields.

    local-and-peer-tab.png

    Field Description
    Routing Instance (Required) Select the routing instance through which IPsec peer is reachable.

    Local Interface

    		 Click to select a local interface from the drop-down list.
  7. Select the IKE tab, and then enter information for the following fields.

    ike-ipsec-vpn-tab.png

    Field  Description
    Authentication Domain Enter the name of the authentication domain.
    Shared Key (Required)

    Enter the preshared key (PSK) to use to create a tunnel. The PSK cannot include any of the following five special characters:

    " < > # /
    Email Identity (Required) Enter the email ID for authentication.

Verify the Transport Domain Connectivity

Before you can verify that the transport domain is active, you must deploy a minimum of one branch or hub device which uses the transport domain.

To verify the transport domain is active:

  1. In Director view:
    1. Select the Administration tab in the top menu bar.
    2. Select Appliances in the left menu bar.
    3. Select a device in the main pane. The view changes to Appliance view.
  2. Select the Monitor tab in the top menu bar.
  3. Select Services > SD-WAN > SLA Paths.
  4. In the drop-down list, select the branch that uses the same transport domain. 

    monitor-sla-paths.png

Supported Software Information

Releases 22.1.4 and later support all content described in this article.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.